Description
MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Sebastian Krahmer · perllocallinux
https://www.exploit-db.com/exploits/23759
Scores
EPSS
0.0058
EPSS Percentile
68.9%
Details
Status
published
Products (9)
mtools/mformat
3.9.1
mtools/mformat
3.9.2
mtools/mformat
3.9.3
mtools/mformat
3.9.4
mtools/mformat
3.9.5
mtools/mformat
3.9.6
mtools/mformat
3.9.7
mtools/mformat
3.9.8
mtools/mformat
3.9.9
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026